Fix course updates and deletes

6 months ago · 2520dc3cce
parent 8b9354c81d
commit 2520dc3cce
1 changed files with 70 additions and 3 deletions
--- a/backend/blueprints/course/init.py
+++ b/backend/blueprints/course/init.py
@ -1,9 +1,10 @@
 from flask import Blueprint, request, jsonify, g
+from sqlalchemy import select, and_
 from werkzeug.datastructures import MultiDict
 import os
 import uuid
 from config import DEFAULT_COURSE_COVER
-from db.model import db, Course, Category, User, Chat
+from ...db.model import db, Course, Category, User, Chat
 from utils.utils import random_string_generator
 from utils.auth import auth_required, requires_role
 from constants import *
@ -18,7 +19,6 @@ def create_course():
    form_data: dict  = request.form
    course_uploaded_cover_image: MultiDict|None = request.files.get('cover_image', None)
    course_uploaded_pdf: MultiDict|None = request.files.get('course_pdf', None)
-
    cover_file_name: str = DEFAULT_COURSE_COVER
    pdf_file_name: str = ''
    if course_uploaded_cover_image is not None:
@ -50,7 +50,74 @@ def create_course():
        quizzes=[],
        chats=[]
    )
+
    # chat: Chat = Chat(courseID=new_course.id) TODO: Add a welcome chat for this course
    db.session.add_all(new_course)
    db.session.commit()
    return jsonify({'message': 'Course was created successfully.'}), 200
+
+@course.route('/update', methods=['UPDATE', 'DELETE'])
+@auth_required()
+def update_course():
+    form_data = request.form
+    course_id: uuid.UUID = uuid.UUID(form_data['course_id'])
+    selected_course: Course|None = None
+    if g.current_user.role == int(UserRole.ADMIN):
+        selected_course: Course = db.session.execute(select(Course).where(and_(
+            Course.id == course_id
+        ))).scalar()
+    else:
+        selected_course: Course = db.session.execute(select(Course).where(and_(
+            Course.id == course_id, Course.publishedStatus != int(PublishedStatus.BANNED)
+        ))).scalar()
+    if not selected_course:
+        return jsonify({'message': 'The course could not be found'}), 404
+    if request.method == 'DELETE':
+        if selected_course.authorID == g.current_user.id or g.current_user.role == int(UserRole.ADMIN):
+            db.session.delete(selected_course)
+            db.session.commit()
+            return jsonify({'message': 'Course was deleted successfully'}), 200
+        else:
+            return jsonify({'message': 'Unauthorized for this change'}), 401
+    else:
+        # Update the data
+        if selected_course.authorID == g.current_user.id or g.current_user.role == int(UserRole.ADMIN):
+            if form_data.get('course_name'):
+                selected_course.name = form_data.get('course_name')
+            if form_data.get('course_description'):
+                selected_course.description = form_data.get('course_description')
+            if form_data.get('category_uuid'):
+                selected_course.categoryID = uuid.UUID(form_data.get('category_uuid'))
+            if form_data.get('isActive'):
+                selected_course.isActive = bool(int(form_data.get('active')))
+
+            # Admin Guarded
+            if form_data.get('published_status'):
+                if g.current_user.role != int(UserRole.ADMIN):
+                    return jsonify({'message': 'Unauthorized'}), 401
+                valid_states: list[int] = [
+                    int(e) for e in
+                    [PublishedStatus.APPROVED,
+                     PublishedStatus.PENDING,
+                     PublishedStatus.DECLINED,
+                     PublishedStatus.REVOKED,
+                     PublishedStatus.BANNED,
+                     PublishedStatus.DRAFT]
+                ]
+                if int(form_data.get('published_status')) not in valid_states:
+                    return jsonify({'message': 'Invalid state to update'}), 401
+                selected_course.publishedStatus = int(form_data.get('published_status'))
+            if request.files.get('cover_image'):
+                cover_file_name: str = random_string_generator(32) + request.files.get('cover_image').filename.split('.')[-1]
+                request.files.get('cover_image').save(os.path.join(USER_UPLOADS_DIR, cover_file_name))
+                selected_course.coverImage = cover_file_name
+            if request.files.get('course_pdf'):
+                pdf_file_name: str = random_string_generator(32) + request.files.get('course_pdf').filename.split('.')[1]
+                request.files.get('course_pdf').save(os.path.join(USER_UPLOADS_DIR, pdf_file_name))
+                selected_course.serverFilename = pdf_file_name
+            if g.current_user.role != int(UserRole.ADMIN):
+                selected_course.publishedStatus = int(PublishedStatus.PENDING)
+            db.session.commit()
+            return jsonify({'message': 'Course info updated'}), 200
+        else:
+            return jsonify({'message': 'Unauthorized for this change'}), 401